ABSTRACT


A review of cryptographic systems for data communications
has been carried out. The Data Encryption Standard has been
implemented in hardware which interfaces with the 8085
Microprocessor workstation and in software for the IBM personal
computer. Plaintext messages can be encrypted using either
implementation and transmitted over a serial link to be decrypted
at the other end. DES has been implemented in the block cipher
mode (ECB method).
CHAPTER 1
INTRODUCTION

1.1 Data Security

Data security is the science and the study of methods of 
protecting data in communication and computer systems. It 
embodies basically four kinds of controls [1]:

1. Cryptographic controls

2. Access controls

3. Information flow controls

4. Inference controls

1. Cryptographic Controls:

There are two principal objectives: secrecy (or
privacy), to prevent unauthorized disclosure of data, and 
authenticity, to prevent unauthorized modification of data. 

The method mainly consists in transforming (scrambling) the 
data using transpositions and substitutions under a suitably 
chosen key. 

Depending on how the key is handled in the cryptosystem, 
we have two kinds of cryptography: 

(a) Public key cryptography, where the key involved
has two complementary parts, one of which is made public in a
directory and the other is exclusive knowledge of the user.
Encryption of a message intended for a particular user is
carried out using his public key whereas decryption can be
done by the user using his private key. There is no way
the user's decipherment key can be accessed with the
knowledge of his public encipherment key.

(b) Secret key cryptography, where two users agree
upon a key prior to the start of an information transfer;
otherwise the sender communicates the key over a secure
channel to the intended receiver and encrypts the plaintext
with that key and transmits over the insecure channel.

The Data Encryption Standard (DES), for instance, has been
designed to suit the needs of secret key cryptography. The
algorithm uses a 56 bit key to operate on a 64 bit plaintext
(ciphertext) to give an output of a 64 bit ciphertext (plaintext).

2. Access Controls:

Access controls ensure that all direct accesses to 
stored information are authorized. By regulating the 
reading, changing and deletion of data and programs access 
controls can prevent accidental and malicious threats to 
secrecy and authenticity. 

The effectiveness of access controls rests on two 
premises. The first is proper user identification. This is
met through authentication procedures at login; having
password files encrypted with one way ciphers is one of the
common procedures. The second premise is that the information
specifying the access rights of each user or program is
protected from unauthorized modification - this is usually
taken care of by the operating system of the computer or
database system.

3. Information Flow Controls:

Information flow controls deal with classifying 
information itself into security classes. An information 
flow policy is defined by a lattice (SC, ≤), where SC
is a finite set of security classes, and ≤ is a binary
relation partially ordering the classes of SC. Flow
controls are concerned with the right of dissemination of
information, irrespective of what object holds the information;
they specify the channels or processes along which information
may flow.

4. Inference Controls:

They are methods intended to prevent acquisition of 
original information from declassified versions of confidential 
data. Statistical databases, for instance, provide access to
statistics about groups of individuals, while access to
information about any particular individual may be classified.
Sometimes, by correlating statistics, original information
can be gleaned; inference controls are steps taken to
ensure that such attempts fail.

1.2 Scope of the Present Work 

This thesis mainly addresses itself to the problem of 
data security over communication channels. An implementation 
of a Data Encryption Standard based cryptographic system 
has been reported here. 
The DES is an algorithm originally developed by IBM
of USA and thereafter prescribed by National Bureau of 
Standards (US) as an encryption standard for all US 
Governmental information transfers using the digital channel 
as the medium. 

The algorithm itself is public knowledge and it is in
fact not the secrecy of the algorithm which brings about
security to the information encrypted with it, but the 
enormity of the computational cost involved in accessing the 
plaintext data from the intercepted ciphertext without 
access to the encipherment key. 

There are many hardware packages with a varied range
of options which implement the algorithm in LSI, one such 
device being Intel's 8294 A. The system described here 
consists, in part, of a hardware communication interface 
to the 8085 based microprocessor workstation and in its other 
part, it consists of software written for the IBM personal 
computer which implements the algorithm independently. 

Besides, the thesis examines the subject of cryptography
in the context of computer communication and also throws light
on the many variations in which it is possible to use the
DES.

1.3 Organization of the Thesis

Chapter 2 presents a survey of cryptographic systems 
in general and in the context of computer communication 
networks.

Chapter 3 discusses the DES in detail. Besides
presenting the algorithm it comments on the pros and cons of
using the algorithm and highlights the various modes of the
use of DES.

Chapter 4 discusses the hardware communication interface
to the microprocessor workstation which incorporates the
Intel 8294-A IC for encryption/decryption.

Chapter 5 discusses the software implementation of the
algorithm in TURBO PASCAL language and the software necessary
for handling the communication between the IBM PC and the 8085
based microprocessor workstation.

Chapter 6, the concluding chapter, reports the result
and suggests methods to make the systems more realistic and
sophisticated.
CHAPTER 2

CRYPTOGRAPHY AND SECURE COMPUTER COMMUNICATION


Advances in hardware and speed of computation have 
made the application of cryptographic devices to achieve 
the objectives of secrecy and authentication in communication 
and computer systems economical. In this chapter, an
overview of systems which can meet the objectives of cryptography
is presented. The applications of cryptographic
methods to meet the security needs of digital communication 
networks are emphasised. 

2.1 Cryptographic Systems
2.1.1 Definitions

A cryptographic system basically comprises three distinct
parts: (i) an encryption device, (ii) a decryption part, and
(iii) a key transfer mechanism. The flow of information
in a conventional cryptographic system is shown in Figure
2.1.1. The transmitter generates a "plaintext" or unenciphered
message 'P' to be communicated over an insecure channel to
the legitimate receiver. In order to prevent the eavesdropper
from learning P the transmitter operates on P with an invertible
transformation to produce the ciphertext or cryptogram
$C = S_K(P)$. The key is transmitted only to the legitimate
receiver via a secure channel.

Fig. 2.1.1: Flow of Information in a Conventional
Cryptographic System [3]


The goal in designing the cryptosystem { } is to
make the enciphering and deciphering operations inexpensive
but to ensure that any successful cryptanalytic operation
(operation to deduce the message by using statistical
techniques or computer aided exhaustive key search or by other
methods) is too complex to be economical.

Perfect Secrecy:

A perfectly secret cipher system can be defined [2]
using probabilistic notions.

A cryptographic system can be seen as a probabilistic
sample space wherein:

1) Plaintext messages M occur with prior probabilities
P(M), where $\sum_M P(M) = 1$.

2) Ciphertext messages C occur with probabilities
P(C), where $\sum_C P(C) = 1$.

3) Keys k are chosen with prior probabilities P(k),
where $\sum_k P(k) = 1$.

A necessary and sufficient condition for perfect secrecy
is that for every C, $P_M(C) = P(C)$ for all M,
where $P_M(C)$ is the probability of receiving ciphertext
C given that M was sent. That is

$$P_M(C) = \sum_{k:\, E_k(M) = C} P(k)$$

This means that the probability of receiving a particular
ciphertext C given that M was sent is the same as the probability
of receiving C given that any other M was sent. Figure 2.1.2
illustrates a perfect system with four messages, all equally
likely, and four keys, also equally likely. Here $P_C(M) = P(M) = 1/4$
and $P_M(C) = P(C) = 1/4$ for all M and C. A cryptanalyst
intercepting one of the ciphertext messages $C_1$, $C_2$, $C_3$ or $C_4$
would be at a total loss to determine which of the four keys
was used.








Figure 2.1.2: Perfect Secrecy (plaintext messages mapped to ciphertext messages under keys k)
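The perfect secrecy condition above can be checked mechanically. The following Python sketch is an added example, not part of the thesis: it computes P_M(C) as the sum of P(k) over the keys with E_k(M) = C and tests whether it equals P(C) for every M and C. The four-message cipher `shift4` and the key distributions are constructed for illustration.

```python
from fractions import Fraction


def conditional_ciphertext_probs(p_msg, encrypt, p_key):
    """Return {M: {C: P_M(C)}}, with P_M(C) = sum of P(k) over keys where E_k(M) = C."""
    table = {}
    for m in p_msg:
        row = {}
        for k, pk in p_key.items():
            c = encrypt(k, m)
            row[c] = row.get(c, Fraction(0)) + pk
        table[m] = row
    return table


def is_perfectly_secret(p_msg, p_key, encrypt):
    """True when P_M(C) = P(C) for every ciphertext C and every message M."""
    table = conditional_ciphertext_probs(p_msg, encrypt, p_key)
    ciphertexts = {c for row in table.values() for c in row}
    for c in ciphertexts:
        # P(C) is the average of P_M(C) weighted by the message priors P(M).
        p_c = sum(p_msg[m] * table[m].get(c, Fraction(0)) for m in p_msg)
        if any(table[m].get(c, Fraction(0)) != p_c for m in p_msg):
            return False
    return True


def shift4(k, m):
    """Constructed cipher: four messages 0..3, ciphertext is (M + k) mod 4."""
    return (m + k) % 4


QUARTER = Fraction(1, 4)
UNIFORM_MSGS = {m: QUARTER for m in range(4)}
FOUR_KEYS = {k: QUARTER for k in range(4)}               # the case of Figure 2.1.2
TWO_KEYS = {0: Fraction(1, 2), 1: Fraction(1, 2)}        # fewer keys than messages
SKEWED_KEYS = {0: Fraction(1, 2), 1: Fraction(1, 4),
               2: Fraction(1, 8), 3: Fraction(1, 8)}     # keys not equally likely

if __name__ == "__main__":
    for name, keys in (("four equally likely keys", FOUR_KEYS),
                       ("two keys only", TWO_KEYS),
                       ("four keys, skewed", SKEWED_KEYS)):
        print(name, "->", is_perfectly_secret(UNIFORM_MSGS, keys, shift4))
```

With too few keys, or keys that are not equally likely, an intercepted ciphertext makes some messages more probable than others, and the check fails.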
2.1.2 Cryptanalysis fll .fS'

Cryptanalysis is the science and the study of methods 
of breaking ciphers. A cipher is breakable if it is possible 
to determine the plaintext or key from the ciphertext, or to 
determine the key from plaintext-ciphertext pairs. There
are three basic methods of attack: (1) Ciphertext only
(2) Known plaintext and (3) Chosen plaintext attack.

Under ciphertext only attack, a cryptanalyst must
determine the key solely from the intercepted ciphertext,
though the method of encryption, the plaintext language,
the subject matter of the ciphertext and certain probable
words may be known.

Under known plaintext attack, a cryptanalyst knows
certain plaintext-ciphertext pairs. Ciphers today are
considered acceptable only if they can withstand a known
plaintext attack under the assumption that the cryptanalyst
has an arbitrary amount of plaintext-ciphertext pairs.

Under a chosen plaintext attack a cryptanalyst is
able to acquire the ciphertext corresponding to the selected
plaintext. This is the most favourable case for the
cryptanalyst.

In order to ensure the strength of a cipher, it is 
best to make the most adverse assumptions about the information 
available to the cryptanalyst. The goal must be to design
a computationally secure system since it is practically impossible
to design an unconditionally secure system. A computationally
secure system is a system which is secure due to the cost of
cryptanalysis but which would succumb to an attack with
unlimited computation.

The only unconditionally secure system in common use
is the Vernam system (also known as the one time pad) in
which the plaintext is combined (ex-ored) with a randomly
chosen key of the same length. But the large amount of key
required makes it impractical for most applications.

2.1.3 Public Key-Vs-Conventional Cryptography

Depending upon how the key is distributed among the
users of a cipher system we have two kinds of cryptographic
schemes:

1. Secret key or conventional cryptography

2. Public key cryptography.

In a conventional cryptographic system [1],[4], the
key used for encipherment is exclusive knowledge of the
transmitting and receiving parties. Before transmitting
the enciphered message the sender ensures that the receiver
is informed about the key chosen. This is done either by
means of a courier or the key itself is transmitted in an
enciphered form over the insecure channel.

The technique consists in effecting permutations and 
substitutions on the text data and producing a scrambled 
version that is unintelligible and undecipherable for a 
person with no access to the key. The ultimate secrecy of
the message, of course, depends on how complex the operations
carried out on the plaintext are and how secure the key is
made.

The algorithm of encryption can be a standard one
like the Data Encryption Standard or can be designed by
the users in accordance with common cryptographic principles.
Sethuraman [5], for instance, describes a secret key cryptographic
system which operates on a 32-bit block of data. The
algorithm looks upon the given block of data as an element in
the vector space of $2^{32}$ 32 bit binary vectors and generates
a permutation table which maps the given 32 bit plaintext data
into another 32 bit plaintext data. The 32 bit key describes
how to arrive at a suitable permutation without having to
store the entire permutation table.

Although, in principle, it is advisable for users 
to have their own cryptographic system owing to the fact
that there may be cryptanalytic trapdoors in a public 
standard, yet, there is a case for using a standard such as 
the DES algorithm, especially in a multiuser environment, 
where it is impossible for each pair of users to have prior 
acquaintance for them to agree upon a cryptosystem. 

The Data Encryption Standard is a commonly used algorithm 
and is complex enough to defeat even sophisticated attempts 
at cryptanalysis. It operates on a 64 bit block of binary 
data and conducts sixteen rounds of permutations and substitutions
on it under a 56 bit key (described in Chapter 3
in detail).

The main feature of secret key cryptography is the
generation and distribution of the secret key used for
encryption/decryption. The complexity of the key-management
problem sometimes proves to be a drawback in the use of
secret key cryptography.

Public Key Cryptography:

Public key cryptosystems were proposed by Diffie
and Hellman [3] as a solution to the problem of key
distribution.
A public key cryptosystem is a pair of families
$\{E_K\}_{K \in \{K\}}$ and $\{D_K\}_{K \in \{K\}}$ of algorithms representing
the invertible transformations:

$$E_K : \{M\} \to \{M\}$$

$$D_K : \{M\} \to \{M\}$$

on a finite message space {M} such that (1) for every $K \in \{K\}$,
$E_K$ is the inverse of $D_K$, (2) for every $K \in \{K\}$ and $M \in \{M\}$,
the algorithms $E_K$ and $D_K$ are easy to compute, (3) for almost
every $K \in \{K\}$, each easily computed algorithm equivalent to
$D_K$ is computationally infeasible to compute from $E_K$,
(4) for every $K \in \{K\}$ it is feasible to compute inverse
pairs $E_K$ and $D_K$ from K.

Because of the third property, a user's enciphering
key $E_K$ can be made public without compromising the secret
deciphering key $D_K$.

Given a system of this kind, the problem of key
distribution is vastly simplified. Each user generates a pair
of inverse transformations E and D at his terminal. The
deciphering transformation D must be kept secret, but need
never be communicated on any channel. The enciphering key K
can be made public by placing it in a public directory
along with the user's name and address. Any one can
encrypt messages and send them to the user but no other
than the receiver can decipher messages intended for him.
Public key cryptosystems can thus be regarded as multiple
access ciphers.

An example of a public key cryptosystem which works
on the above mentioned principles is the R-S-A public
encryption scheme [6], which is based on the fact that it is
easy to generate two large primes and multiply them
together but it is much more difficult to factor the result.
Briefly, the algorithm consists in selecting two large
prime numbers (100 digits long) p and q and multiplying
them to produce n = pq. Then the Euler's function is
computed as $\phi(n) = (p-1)(q-1)$. $\phi(n)$ is the number of
integers between 1 and n which have no common factors with
n. $\phi(n)$ as given above has the interesting property that
for any integer a between 0 and n-1 and any integer k

$$a^{k\phi(n)+1} \equiv a \bmod n.$$

A random number E between 3 and $\phi(n) - 1$ is then
chosen which has no common factors with $\phi(n)$. This then
allows $D = E^{-1} \bmod \phi(n)$ to be calculated using an
extended version of Euclid's algorithm for computing the
gcd of the two numbers. The information (E, n) is made
public as the enciphering key and is used to transform
plaintext messages into ciphertext messages as follows:
a message is first represented as a sequence of integers
between 0 and n-1. Then the ciphertext integer is $C = P^E \bmod n$.
The information (D, n) is used as the deciphering key to
recover the plaintext from the ciphertext via $P = C^D \bmod n$,
since $C^D = P^{ED} = P^{k\phi(n)+1} = P$. As shown by Rivest et al.,
computing the secret decipherment key from the public
encipherment key is equivalent in difficulty to the factoring
of n.

There are other methods of public key cryptography,
notable among them being the trapdoor knapsack method,
the algebraic coding theory method etc. [1].

2.2 Scope of Cryptographic Applications

Apart from having the obvious application of affording
security to transmitted messages from the threats of
eavesdropping, cryptographic methods can also be used to
address other problems of a related nature that arise when
two parties communicate:

1. Authentication

2. The problem of disputes - digital signatures.

2.2.1 Authentication

The problem of authentication is illustrated in
the following situation.

A message passes from A to B through a communication
network. We want B to know that the received message came
from A and has not been changed since it left A, in other
words, that it is genuinely A's message.

Also coming within the scope of authentication is
the problem of authenticating the sender himself, for a
message from A that has been undetectably modified is not
different in its risks from an unmodified message that
appeared to come from A but did not.

It is assumed that the common medium guarantees
that the transmitted data is free from error using appropriate
error detection and recovery procedures.

Figure 2.2.1 shows the principle of a secure authentication
method. It is based on an algorithm represented by
the function A(K, M). The key K is secret, and the message
M to be authenticated may be of any length but the function
A(K, M) must depend on every bit of the message. The
function A is the authenticator that accompanies the
message to its destination. The receiver also computes
A(K, M) and compares this with the received value A. If they
are not equal, the message is not accepted.

Figure 2.2.1: The Principle of Message Authentication
Encipherment with a secret key itself provides one
form of message authentication. But authentication by
mere encryption cannot prevent what is known as 'spoofing',
where the enemy has access to ciphertext corresponding to
a fraudulent message which he can insert at a convenient
place inside the cipher text. This problem can be countered
by a method known as "garble extension" [7]. This means
that if any portion of the cipher becomes garbled, the
subsequent cipher also becomes garbled. Figure 2.2.2 shows
a method by which infinite garble extension is implemented,
whereby spoofing prevention can be incorporated in a block
encryption system.

The "E" boxes perform block encryption and the "D"
boxes, block decryption. The + function indicates exclusive
or. Any change to the cipher garbles the decryption of all
subsequent cipher.

Figure 2.2.2: Infinite Garble Extension

2.2.2 The Problem of Disputes and Digital Signatures [4]

The methods of authentication discussed above prove 
to be ineffective in solving the problem of disputes between 
the receiver and the sender over the validity of transmitted 
messages. Sometimes the receiver can forge messages and 
assert them to have been received over the channel, or 
the sender can maliciously deny having sent a message after 
having in fact done so. There must therefore be a method of
incorporating a digital signature in the transmitted messages
which cannot be forged by the receiver and which cannot be
disowned by the sender.

Public key ciphers offer an excellent solution to the
problem of disputes. The sender uses his decipherment key
'Kd' to transform the message. This is transmitted over
the channel and the receiver applies the inverse transformation
'Ke' to the received message. The sender now cannot absolve
himself of having sent the message because he and he alone has
access to his decipherment key. If encipherment is to be
incorporated in addition to a signature the sender first
'signs' his message using his own decipherment key and then
enciphers this message using the public key Ke(r) of the
receiver. The receiver, as usual, deciphers the message
using his own decipherment key Kd(r) and checks the signature
using the public key Ke of the sender.
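The R-S-A steps of section 2.1.3 and the sign-then-encipher order described above, traced in Python as an added example (not code from the thesis). The primes are toy values chosen for readability, no padding or redundancy is applied, and all function names are hypothetical.

```python
from math import gcd


def extended_euclid(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def make_keypair(p, q, e):
    """Build ((E, n), (D, n)) from primes p, q and a chosen enciphering exponent E."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 3 <= e <= phi - 1 or gcd(e, phi) != 1:
        raise ValueError("E must lie between 3 and phi(n)-1 and share no factor with phi(n)")
    _, x, _ = extended_euclid(e, phi)      # e*x + phi*y = 1, so x = E^-1 mod phi(n)
    return (e, n), (x % phi, n)


def apply_key(value, key):
    """Raise a block to the key's exponent mod n; serves for both E and D."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("block must be an integer between 0 and n-1")
    return pow(value, exponent, n)


def sign_then_encipher(message, sender_private, receiver_public):
    """Sender applies his own D (the signature), then the receiver's public E."""
    if sender_private[1] > receiver_public[1]:
        # A signature is a number below the sender's n; it may not fit in a
        # block of the receiver's smaller n, so this direction is refused.
        raise ValueError("sender modulus exceeds receiver modulus: re-blocking needed")
    signature = apply_key(message, sender_private)
    return apply_key(signature, receiver_public)


def decipher_then_check(ciphertext, receiver_private, sender_public):
    """Receiver applies his own D, then the sender's public E to recover the message."""
    signature = apply_key(ciphertext, receiver_private)
    return apply_key(signature, sender_public)   # raises if the value cannot be a signature


if __name__ == "__main__":
    pub_a, priv_a = make_keypair(61, 53, 17)     # sender, n = 3233 (toy primes)
    pub_b, priv_b = make_keypair(89, 97, 5)      # receiver, n = 8633 (toy primes)
    c = apply_key(65, pub_a)
    print("C =", c, " P =", apply_key(c, priv_a))
    signed = sign_then_encipher(1234, priv_a, pub_b)
    print("recovered:", decipher_then_check(signed, priv_b, pub_a))
```

The modulus check reflects a practical edge case of combining signature and encipherment with two different values of n: the signed block must still be a valid block for the receiver's key.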



2.3 Computer Networks and Information Security [4],[8]

A computer network has a complex structure consisting 
of switching centres called nodes connected by communication 
links and joined to concentrators and multiplexers which
provide paths to the network's host computers and terminals.
To reduce their design complexity most networks are organized
as a series of layers or levels, each one built upon its
predecessor. The purpose of each layer is to offer certain
services to the higher layers, shielding those layers from
the details of how the offered services are actually
implemented.

The reference model of open systems interconnection
(OSI), an attempt at standardization by the OSI, has seven
layers. Starting at the physical layer, which carries signals
from one place to another, it builds up to the top or the
application layer.

Encipherment can be implemented at the bottom levels,
the physical layer or the data link layer or at the top of
the hierarchy in the presentation or application layers.
Consequently we have two kinds of encipherment: line level
encipherment, when encipherment is incorporated between nodes
and end to end encipherment, when encipherment is applied only
to sessions by the users.
2.3.1 Line Level Encipherment

The line is a path of communication between nodes and
uses a protocol or procedure over this line. Figure 2.3.1
illustrates line level encipherment. Encryption at this
level is usually implemented in hardware, using DES or
some other suitable method.

Figure 2.3.1: Line Level Encipherment

If we encipher at this level, treating what passes
over the link as a sequence of characters or bits, then an
enemy who taps the line will see nothing of the structure of
information. He will be unaware of the sources and destination
of messages and may even be unaware of the passage of messages.
This provides traffic flow security, i.e., no information
about the data rate or the amount of information flowing
between the nodes during a particular session is available to the enemy.
This is all the more the case if synchronous stream
communication is used over a synchronous line. If, 
however, asynchronous start stop communication or character 
wide communication is used, the enemy does know the rate 
at which characters are passing. 

The limitations of this encipherment are that data is
in unenciphered form within the nodes, which could be tolerated
only in a private network in which the degree of care in
physical protection, personnel selection, maintenance, etc.
is just as high in the nodes as it is at the terminals or
in the operation of the host computers. This is because
while within the node, data is vulnerable to the threats of
spoofing or being addressed to a wrong destination. Thus
although physical and data link encryption has the advantage
of providing traffic flow security, it does not provide adequate
separation between one network user and another.

2.3.2 End to End Encipherment [4]

Figure 2.3.2 depicts end to end encipherment, with
an encipherment device interposed between each terminal
and the network. With this method, the presentation or even
the application layer performs the transformation using
software mainly, or using special purpose hardware. End to
end encryption thereby encrypts specific sessions.

When two terminals communicate with each other, a
virtual communication circuit is set up between the two
terminals by the network. Consequently some of the information
present in the transmitted data is for network use and must
be in unenciphered form (e.g., routing information, etc.).
The 'call request' and 'call accepted' packets can be observed
passing through the network, and so the progress of each
call and the quantity of information carried can be
monitored. There is, consequently, no traffic flow security
in end to end encipherment.

Thus, end to end encipherment and line encipherment
provide complementary services and can be implemented together
for complete security.

Figure 2.3.2: End to end Encipherment

2.3.3 Key Management

Key management is one of the major problems of 
Network Security. It includes every aspect of handling of 
keys from their generation to their eventual destruction.

When encryption is incorporated at the physical or
the data link level, key distribution is straightforward.
The exchange of keys concerns only the two nodes connected by
the line. The key can be changed at local discretion without
affecting the rest of the network.

But when end to end encipherment is employed, users
and terminals have to be kept separate so that they cannot
interfere with one another except when they are allowed to,
by the sharing of keys.

In order to move a key through a communication network
it must be enciphered with another key. For example, if
we have a key 'ks' which is used to encipher data and
need to transport this key through the network we use
another key 'kt' to encipher it as $E_{kt}(ks)$. The key 'ks' is
typically used for enciphering data for just one session
and is therefore called the session key. The key 'kt' is
called the terminal key. A terminal key is used for a
longer period than the session key, and it may have to be
stored at a host computer with a similar number of similar
keys for different terminals. To minimize the amount of
secure storage needed all these can be enciphered under yet
another key 'km' called the master key. Thus the storage of
'kt' is in the form of

In cases where the number of terminals is large,
key storage (a total of N(N-1) keys would have to be
stored for a network with N terminals) is a real problem.
A network usually has a specially appointed key distribution
centre (KDC) which takes on the responsibility of distributing
session keys to the terminals on request.

Figure 2.3.3 shows a pair of terminals for which a
session key ks is to be established. The key distribution
centre must share a knowledge of the key 'kt1' in common with
terminal 1 and key 'kt2' in common with terminal 2. Terminal
1 receives the enciphered form of 'ks' for its own purpose;
it also receives the value of 'ks' enciphered with kt2 which it
will pass on to terminal 2 when it is establishing a call.
Setting up a call has therefore two phases: obtaining the
key from the key distribution centre, called the key
acquisition phase and, after making the call to terminal 2,
transferring an enciphered form of the session key to that
terminal, called the key transfer phase.

Figure 2.3.3: Routes for Session Key Distribution
Authentication is required at both the key acquisition
phase as well as the key transfer phase in order not to be
affected by the consequences of replay of messages by the
enemy to achieve one of the following objectives:

(1) masquerade as the k.d.c. and provide terminal 1
with a key that was distributed earlier,

(2) impersonate terminal 1 to the k.d.c. and
obtain a new key for calling terminal 2, and

(3) masquerade as terminal 1 in calling terminal 2.

Authentication of the k.d.c. can be done in the
following form. Terminal 1 sends to the k.d.c. in clear

Key distribution centre to terminal 1

$$E_{kt_1}(d/t,\ a_2,\ ks,\ E_{kt_2}(ks,\ a_1,\ d/t))$$

$a_1$ and $a_2$ are the addresses of the two terminals,
d/t stands for the current date and time.

Encryption of the current date and time under kt1 assures
terminal 1 that the message is genuinely fresh from the k.d.c.,
and authentication to terminal 2 of terminal 1 is also
automatically provided because d/t is also
encrypted using kt2, which is transferred to terminal 2 via
terminal 1.
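The key acquisition and key transfer phases above, with the d/t freshness check that defeats replay, sketched in Python as an added example (not code from the thesis). The `seal`/`unseal` pair is a stand-in for E_k built from SHA-256 and HMAC rather than DES, and the terminal keys, the 30 second window and all function names are assumptions.

```python
import hashlib
import hmac
import json
import os

MAX_AGE = 30  # seconds a d/t stamp stays acceptable (assumed policy value)


def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key, fields):
    """Stand-in for E_k(...): encipher the fields and append an authenticator."""
    nonce = os.urandom(16)
    plain = json.dumps(fields).encode()
    body = bytes(p ^ s for p, s in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return (nonce + body + tag).hex()


def unseal(key, blob_hex):
    """Check the authenticator, then decipher; ValueError on any mismatch."""
    blob = bytes.fromhex(blob_hex)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authenticator mismatch")
    plain = bytes(b ^ s for b, s in zip(body, _keystream(key, nonce, len(body))))
    return json.loads(plain)


def check_fresh(stamp, now):
    if abs(now - stamp) > MAX_AGE:
        raise ValueError("stale d/t: possible replay")


def kdc_issue(terminal_keys, a1, a2, now):
    """Key acquisition: KDC -> terminal 1: E_kt1(d/t, a2, ks, E_kt2(ks, a1, d/t))."""
    ks = os.urandom(8).hex()                       # fresh session key
    ticket = seal(terminal_keys[a2], {"ks": ks, "a1": a1, "dt": now})
    return seal(terminal_keys[a1], {"dt": now, "a2": a2, "ks": ks, "ticket": ticket})


def terminal1_accept(kt1, reply, wanted_a2, now):
    """Terminal 1 checks that the reply is fresh and names the terminal it asked for."""
    msg = unseal(kt1, reply)
    check_fresh(msg["dt"], now)
    if msg["a2"] != wanted_a2:
        raise ValueError("reply names a different called terminal")
    return msg["ks"], msg["ticket"]


def terminal2_accept(kt2, ticket, now):
    """Key transfer: terminal 2 opens E_kt2(ks, a1, d/t) passed on by terminal 1."""
    msg = unseal(kt2, ticket)
    check_fresh(msg["dt"], now)
    return msg["ks"], msg["a1"]


# Constructed terminal keys shared with the KDC (sample values).
KEYS = {"T1": b"constructed-kt1!", "T2": b"constructed-kt2!"}

if __name__ == "__main__":
    reply = kdc_issue(KEYS, "T1", "T2", now=1000)
    ks, ticket = terminal1_accept(KEYS["T1"], reply, "T2", now=1005)
    print(terminal2_accept(KEYS["T2"], ticket, now=1010) == (ks, "T1"))
```

A recorded reply or ticket presented after the window fails `check_fresh`, which covers objectives (1) and (3) of the list above; the request that terminal 1 sends in clear is not modelled because its contents are missing from the text.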
CHAPTER 3

THE DATA ENCRYPTION STANDARD

When protected communication is required between
users who belong to different organizations, some protocol
regarding the encryption/decryption mechanism is inevitable.
When we have a huge number of such pairs of users wishing to
communicate securely, we immediately have a case for
standardization of the encryption/decryption algorithm. The case is
made stronger by realizing that encryption and decryption
must be introduced in the context of standard communication
protocols which may place new restrictions on the means of
encipherment.

The DES (Data Encryption Standard) is a result of
such efforts at standardization. It is a public standard,
and the algorithm itself is public knowledge which means that
the security provided by the algorithm is not based on the
secrecy of the algorithm.

3.1 The Algorithm of DES [1]

DES belongs to a general class of ciphers called the
product cipher. A product cipher E is a composition of t
functions (ciphers) $F_1, \ldots, F_t$, where each $F_i$ may be
a substitution or a transposition.

The operation has two 64 bit inputs, the plaintext
(or ciphertext) block, the encipherment (decipherment)
key block and one 64 bit output, namely, the ciphertext
(or plaintext) block.

A logical flow diagram of the DES is shown in Fig. 3.1.1.
The algorithm transforms plaintext into ciphertext or vice
versa, depending on the mode in which it operates. Of the 64
bits in the encipherment key block, only 56 enter directly
into the algorithm. The eight remaining bits take values for
odd parity in each 8 bit byte of the key block.

As shown in Fig. 3.1.1, the input data block (64 bits
long) T is first transposed under an initial permutation IP
(according to table 3.1.1) giving $T_0 = IP(T)$. After it
has passed through 16 iterations of a function f (to be
described presently), it is transposed under a final
permutation $IP^{-1}$ to give the final result (table 3.1.2).

All permutation tables should be read left to right,
top to bottom. For example, IP transposes $T = t_1 t_2 \ldots t_{64}$
into $T_0 = t_{58} t_{50} \ldots t_7$. All tables are fixed.

The key enters the algorithm in the calculation of
these functions (iterations). Each of the 16 iterations uses
a version of the key which is derived from its version for
the previous iteration (according to key schedule calculations
to be described presently). Each iteration $f_i$ uses a 48 bit
key derived from .
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Each of the 16 iterations actually comprises ' 

(i) The function f which combines substitution and 
transposition in a way that is to be described presently, 
and 


(ii) an interchange operation ' re’ vjhich exchanges 
the left and the right halves of the 64 bit data. 

The mechanism of the algorithm can be understood by
realizing that both the function f and $\pi$ are involutions [9],
i.e., they are functions which are inverses of themselves.

Let $T_i$ denote the result of the $i$th iteration and let $L_i$
and $R_i$ denote the left and the right halves of $T_i$, respectively.
That is, $T_i = L_i R_i$, where

$L_i = t_1 \ldots t_{32}$
$R_i = t_{33} \ldots t_{64}$

It is easily seen that the two transformations are involutions.
Enforcing the first transformation $f_i$ on itself, with

$T_i' = L_i' R_i'$

we get

$T_i'' = L_i'' R_i''$

where

$L_i'' = L_i' \oplus f(R_i', K_i) = L_{i-1} \oplus f(R_{i-1}, K_i) \oplus f(R_{i-1}, K_i) = L_{i-1}$
$R_i'' = R_{i-1}$

which means that $f_i$ is an involution.

Therefore between the input T and the output $T_o$ we have

$T_o = IP^{-1} \cdot f_{16} \cdot \pi \cdot f_{15} \cdots \pi \cdot f_1 \cdot IP[T]$.

To use the same algorithm for decryption we have to supply
the functions $f_1$ to $f_{16}$ in the reverse order. Therefore
with $T_o$ as the input

$T' = IP^{-1} \cdot f_1 \cdot \pi \cdot f_2 \cdots \pi \cdot f_{15} \cdot \pi \cdot f_{16} \cdot IP[T_o]$

Substituting for $T_o$ from the earlier expression we do see
that $T' = T$ and we have succeeded in decrypting using the
same algorithm.

Figure 3.1.2 shows a sketch of the function
$f(R_{i-1}, K_i)$. First, $R_{i-1}$ is expanded to a 48 bit block
$E(R_{i-1})$, using the bit selection table E (table 3.1.3).

This table is used in the same way as the permutation
tables except that some bits of $R_{i-1}$ are selected more than
once; thus, given $R_{i-1} = r_1 r_2 \ldots r_{32}$,
$E(R_{i-1}) = r_{32} r_1 r_2 \ldots r_{32} r_1$.

Next, the exclusive or of $E(R_{i-1})$ and $K_i$ is calculated and
the result broken into eight 6 bit blocks $B_1, \ldots, B_8$, where

$E(R_{i-1}) \oplus K_i = B_1 B_2 \ldots B_8$.

Each 6 bit block $B_j$ is then
used as input to a selection (substitution) function
(S-box) $S_j$, which returns a 4 bit block $S_j(B_j)$. These blocks
are concatenated together, and the resulting 32 bit block
is transposed by the permutation P shown in table 3.1.4.

Thus the block returned by $f(R_{i-1}, K_i)$ is

$P(S_1(B_1) \ldots S_8(B_8))$.

Each S box $S_j$ maps a 6 bit block $B_j = b_1 b_2 b_3 b_4 b_5 b_6$
into a 4 bit block as defined in table 3.1.5.
This is done as follows. The integer corresponding to
$b_1 b_6$ selects a row in the table while the integer corresponding
to $b_2 b_3 b_4 b_5$ selects a column. The value of $S_j(B_j)$ is then
the 4 bit representation of the integer in that row and
column.

Example

If $B_1 = 010011$, then $S_1$ returns the value in row 1 and
column 9, that is 6, which is represented as 0110.

Figure 3.1.2 : Calculation of $f(R_{i-1}, K_i)$

Key calculation:

Each iteration i uses a different 48 bit key $K_i$
derived from the initial key K. Figure 3.1.3 shows how this
is done. K is input as a 64 bit block with 8 parity bits
in positions 8, 16, ..., 64. The permutation PC-1 (permuted
choice 1) discards the parity bits and transposes the remaining
56 bits as shown in table 3.1.6. The result PC-1(K) is
then split into two halves C and D of 28 bits each. The
blocks C and D are then successively shifted left to derive
each key $K_i$. Letting $C_i$ and $D_i$ denote the values of C and D
used to derive $K_i$, we have $C_i = LS_i(C_{i-1})$ and
$D_i = LS_i(D_{i-1})$, where $LS_i$ is a circular shift by the number
of positions shown in table 3.1.8 and $C_0$ and $D_0$ are the initial
values of C and D. Key $K_i$ is then given by $K_i = \text{PC-2}(C_i D_i)$,
where PC-2 is the permutation shown in table 3.1.7.

3.2 Argument over the Security of DES
3.2.1 Effect of the DES Algorithm on Data

The aim of encrypting with the DES algorithm is to
transform the plaintext data in such a complicated way that
it is not possible to find any correlation between ciphertext
and plaintext, nor is it possible to show any systematic
relationship between the ciphertext and the encipherment key.

The effect of a change of one bit in an input plaintext
block should ideally be to change the value of each
individual bit in the output ciphertext block with a probability
of one half. DES does achieve this in practice. Please see
Figure 3.2.1.

In figure 3.2.1 plaintext, ciphertext and keys are all
represented in hexadecimal notation. The plaintext block
is shown at the head of the table with, later in the table,
other selected blocks which each differ from the first in one
bit only. All these blocks have been enciphered under
the same key (0123456789ABCDEF).

A glance at the corresponding ciphertexts shows that
the changes caused by 1-bit differences in plaintext are
large and random. The Hamming distance of each
of the subsequent ciphertext blocks from the first is listed
in the table. The mean Hamming distance is 31.06, which is very
close to the expected value of 32.

3.2.2 Cryptanalysis of the DES [10],[11]

The Complementation Property:

A notable feature of the DES algorithm is the property
of complementation. If the complement of a plaintext block
is taken and the complement of an encipherment key, then the
result of a DES encipherment with these values is the complement
of the original ciphertext. Thus if

$y = E_k(x)$, then $\bar{y} = E_{\bar{k}}(\bar{x})$.

The effect is entirely due to the presence of two XOR
operations, one of which precedes the S boxes in the logical
flow of the algorithm and the other of which follows the
permutation P.

Under a known plaintext attack the complementation
property of the DES algorithm does not represent a serious
weakness in the security of systems using the DES, i.e.,
there is no reduction in the time taken for exhaustive key
search, given a known plaintext-ciphertext pair. If, however,
a chosen plaintext attack can be mounted, then, by exploiting
the complementation property, the time taken to exhaust
the key domain by search may be reduced by a factor of two.
For instance, given the plaintext x and the values of
$y_1 = E_k(x)$ and $y_2 = E_k(\bar{x})$, so that $\bar{y}_2 = E_{\bar{k}}(x)$,
if values of k are searched to find if $E_k(x)$ equals $y_1$ or
$\bar{y}_2$, then each test covers the two key values $k$ and $\bar{k}$.

Steps must therefore be taken to ensure not to enable
an opponent to discover both $E_k(x)$ and $E_k(\bar{x})$.

Exhaustive Search for a DES Key:

Proceeding on the assumption that the cryptanalyst
has somehow obtained matching blocks of plaintext and
ciphertext, the next step is to test all possible keys by
enciphering the plaintext in turn with each and comparing
the result with the known ciphertext. When a match is
obtained between the produced and the known ciphertext
the current key value is that being sought. The time taken
to exhaust the whole of the key domain will depend on the
time taken to carry out the DES encipherment. If we assume
that the time taken for the encipherment is 100 ms and that
only one device is used, then we can calculate the time
required to test all possible keys to be $7.2 \times 10^{15}$ s or
about 228 million years. If we assume that the encipherment
device is somewhat faster, with an operation time of 5 µs,
then the total time required to exhaust the key domain is
just over 11 000 years. Clearly these times are totally
impracticable for a cryptanalyst.

The exhaustive search times only become practicable
when we have key searching which uses many DES devices in
parallel, each of which is searching a different part
of the key domain. It has been estimated that the time
can be reduced to as low as 20 hours with a machine costing
$72 million which uses 1 million DES devices acting in parallel,
each requiring 1 µs to do an encryption operation. Such
search strategies, however, can still be frustrated with
techniques such as cipher block chaining (next section).

All these techniques, of course, are of the brute force
kind, i.e., assuming that the cryptanalyst does not have
access to any trapdoor information that might possibly have
been introduced into the system during the design of the
algorithm. But there are speculations that the actual
DES S-boxes contain some deliberate weaknesses put there in
order to make the algorithm subject to a 'trapdoor' attack
by those in possession of the design information.

3.3 Modes of Block and Stream Encryption Using the DES [4]

Block encipherment operates on blocks of data of
fixed size but a message to be enciphered can be of any
size. A block cipher breaks a plaintext message M into
successive blocks $M_1, M_2, \ldots$ and enciphers each $M_i$ with the same
key K, i.e.,

$E_K(M) = E_K(M_1) E_K(M_2) \ldots$

A stream cipher breaks the message M into successive
characters or bits $m_1, m_2, \ldots$, and enciphers each $m_i$ with
the $i$th element $k_i$ of a key stream $K = k_1 k_2 \ldots$, that is

$E_K(M) = E_{k_1}(m_1) E_{k_2}(m_2) \ldots$

DES can be used for encryption either in the block mode
or in the stream mode. There are four standard ways of
implementing an encryption/decryption system using DES:

(1) Electronic Codebook Mode

(2) Cipher Block Chaining

(3) Cipher Feedback

(4) Output Feedback

3.3.1 The Electronic Code Book (ECB) Mode:

The ECB method of encryption uses DES in the
'native' block cipher mode, dividing the entire message
into 64 bit blocks, and enciphering each one separately.

It is generally considered the weakest form of encipherment
because it does not connect the blocks together, owing to
which repeated phrases which happen at
the same phase relative to the block size will show through
in the ciphertext. Cryptanalysts will search for and
exploit these occasional regularities.

3.3.2 Cipher Block Chaining (CBC):

Cipher block chaining uses the output of one encipherment
step to modify the input of the next, so that each
cipher block is dependent, not only on the plaintext block
from which it immediately came but also on all previous
plaintext blocks. Figure 3.3.1 illustrates how it operates.

Figure 3.3.1 : Cipher Block Chaining

The operation of cipher block chaining can be
expressed as follows:

Encipherment: $C_n = E_k(P_n + C_{n-1})$

Decipherment: $P_n = D_k(C_n) + C_{n-1}$

where $P_i$ is the $i$th plaintext block,
$C_i$ is the $i$th ciphertext block, and
+ stands for mod 2 addition.

The encipherment process is started by initially loading
the 64 bit storage buffer in fig. 3.3.1 with a previously
agreed upon string of data known as the initializing
variable. Therefore for n = 1,

$C_1 = E_k(P_1 + I)$
$P_1 = D_k(C_1) + I$

The initializing variable I is kept secret, and is usually
transmitted by encryption in the ECB mode.

Although the ciphertext corresponding to a plaintext
block depends on all previous ciphertext blocks, a line
error occurring somewhere does not affect all the subsequent
blocks. This is clear on examining figure 3.1.1. The system
recovers just after two successive erroneous blocks. But
the user must be on his guard against synchronization errors,
for if a bit is lost or gained in transmission so that blocks
are shifted one bit out of position, then the receiving
system will generate garbage indefinitely.

3.3.3 Cipher Feedback (CFB):

Data are handled in many forms, as complete messages,
or sequences of frames, blocks, 8 bit characters or binary
digits. When messages must be treated character by
character another kind of chained encipherment is used which
is known as cipher feedback. We could, however, group bits
into larger blocks and use one of the two methods described
earlier, but if we are operating at a low level in the hierarchy
of computer protocols where transparency is important, we
must introduce encipherment in a way which disturbs the
existing system as little as possible.

The cipher feedback method is illustrated in figure
3.3.2.

Whereas CBC operates on whole blocks, CFB operates
on one character at a time, and the character length m can
be chosen as a parameter of the design. It is known as m-bit
cipher feedback.

Figure 3.3.2 : Cipher Feedback

For m = 1 we have a stream cipher which would come under
the broad category of self synchronous stream ciphers.

In the figure above the eight bits used to encipher
the character stream by modulo 2 addition are derived from
bits 57 to 64 of the output of the DES algorithm. The DES
algorithm performs 'ENCIPHERMENT' at both the ends of the
line. The input to the DES device comes from a 64 bit shift
register which contains the most recent bits transmitted as
ciphertext. Every character which goes out on the line at
the sending end is shifted into the high numbered bits of
the register, displacing a similar number of bits from the other
end of the line.

Because of the chaining involved between successive
characters, as in cipher block chaining, line errors do propagate
even with cipher feedback, and in this case propagation is
longer than in CBC.

Whenever the ciphertext corresponding to a character
is garbled or altered due to line errors, 9 characters
including the present one are erroneously deciphered (in the
case of 8 bit CFB).

As in CBC, cipher feedback also has to be
initialized with an initializing variable. The IV is
transmitted over the line using the ECB method.

3.3.4 Output Feedback (OFB):

The fourth method, output feedback, is intended for
applications in which the error extension properties of
CBC and CFB are troublesome. It is a stream cipher and
resembles the Vernam cipher. Only here, instead of using
a pseudorandom shift register generator for generating the
key stream, we use a nonlinear key generator which
incorporates a DES device. The method is illustrated in
figure 3.3.3.


Figure 3.3.3 : Output Feedback

Synchronization of the pseudo-random number generators
at the two ends is more important in this case than in the
CFB and CBC cases because, unlike in these two cases, the OFB
operation will not recover if characters have been gained or
lost. A system employing OFB must have a method of
resynchronization after such a failure. This is the same as
restarting with a new IV.

3.3.5 Summary:

Comparing the properties of the four 'standard'
methods of operation using the DES we can see that the
electronic code book method (the simple use of the block
cipher) is not suited for messages larger than one block
because of the danger of 'code book' analysis of repeated
block values and the possibility of reassembling messages from
known blocks. The most usual application of the ECB method
is to encipher a key for transmission. Cipher block chaining
is best for messages of more than one block. This method
avoids codebook analysis generally but not at the start of
the chain. But by varying the IV reasonably frequently
this problem can be circumvented. Cipher feedback is
used for enciphering streams of characters when characters
must be treated individually. Both CBC and CFB methods
recover from errors, which is to say that error propagation
is finite. Output feedback is needed when error extension
is undesirable.

The four methods of operation are versatile enough for
nearly all applications. Still they do not exhaust
the possibilities. We can construct other methods for using
the block cipher on chains of blocks.
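The behaviour summarized above (repeated blocks showing through in ECB, the two-block recovery of CBC, the 9-character error extension of 8 bit CFB and the absence of error extension in OFB) can be observed directly. The Python below is an added example, not code from the thesis. To stay short it uses a small hash-based Feistel network as a stand-in 64 bit block cipher rather than DES; the key, IV and message are constructed, the function names are hypothetical, and the 8 bit feedback width chosen for OFB is an assumption, since the page does not give it.

```python
import hashlib

KEY, IV = b"demo-key", b"initvar!"                    # constructed sample values
MSG = b"SAMEBLK!" * 2 + b"0123456789ABCDEFGHIJKLMN"   # constructed, five 8-byte blocks


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def E(key, block):
    """Stand-in 64 bit block cipher (4-round Feistel). This is NOT DES."""
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, xor(l, round_fn(key, i, r))
    return l + r


def D(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = xor(r, round_fn(key, i, l)), l
    return l + r


def blocks(data):
    return [data[i:i + 8] for i in range(0, len(data), 8)]


def ecb_encrypt(key, pt):
    return b"".join(E(key, p) for p in blocks(pt))


def cbc_encrypt(key, iv, pt):
    prev, out = iv, []
    for p in blocks(pt):
        prev = E(key, xor(p, prev))            # C_n = E_k(P_n + C_{n-1})
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for c in blocks(ct):
        out.append(xor(D(key, c), prev))       # P_n = D_k(C_n) + C_{n-1}
        prev = c
    return b"".join(out)


def cfb8(key, iv, data, decrypt=False):
    """8 bit CFB: key byte = bits 57..64 of E(register); ciphertext is fed back."""
    reg, out = iv, bytearray()
    for byte in data:
        o = byte ^ E(key, reg)[-1]
        out.append(o)
        reg = reg[1:] + bytes([byte if decrypt else o])
    return bytes(out)


def ofb8(key, iv, data):
    """8 bit OFB (assumed width): the cipher output itself is fed back."""
    reg, out = iv, bytearray()
    for byte in data:
        ks = E(key, reg)[-1:]
        out.append(byte ^ ks[0])
        reg = reg[1:] + ks
    return bytes(out)


def flip_bit(data, index):
    """Simulate a one-bit line error in byte `index`."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def damaged(sent, received, unit):
    """Indices of the `unit`-byte units that were deciphered wrongly."""
    return [i // unit for i in range(0, len(sent), unit)
            if sent[i:i + unit] != received[i:i + unit]]


def error_propagation():
    ecb, cbc = ecb_encrypt(KEY, MSG), cbc_encrypt(KEY, IV, MSG)
    cfb, ofb = cfb8(KEY, IV, MSG), ofb8(KEY, IV, MSG)
    return {
        "ecb_repeats": ecb[:8] == ecb[8:16],   # equal plaintext blocks show through
        "cbc_repeats": cbc[:8] == cbc[8:16],
        "cbc_damaged_blocks": damaged(MSG, cbc_decrypt(KEY, IV, flip_bit(cbc, 17)), 8),
        "cfb_damaged_chars": damaged(MSG, cfb8(KEY, IV, flip_bit(cfb, 10), True), 1),
        "ofb_damaged_chars": damaged(MSG, ofb8(KEY, IV, flip_bit(ofb, 10)), 1),
    }


if __name__ == "__main__":
    for name, value in error_propagation().items():
        print(name, value)
```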


3.4 Implementation of the DES [4]:

DES can be implemented both in software and hardware.
Hardware implementations achieve encryption rates of several
million bps (bits/sec).

3.4.1 Hardware:

Single LSI chips embodying the DES algorithm are
available from several manufacturers, notable among these
being:

(i) The MC 884 (from Burroughs of Detroit, Michigan, USA),
which is TTL compatible. (This also requires the MC 883
for control of its operation.) The algorithm
takes between 25.6 µs and 64 µs for encryption or
decryption. Including the overheads required for
input/output, the effective data rate is in the range
of 83 K byte/sec to 125 K byte/sec. The chip supports
CFB operation.

(ii) The WD 2001 E/F, WD 2002 A/B and WD 2003 (all from
Western Digital, Newport Beach, California, USA).
All inputs are TTL compatible and can be used with the
8080 family of processors. For a maximum clock
rate of 2 MHz the WD 2001 operates at 167 K bytes/sec.

(iii) The MC 6859 (from Motorola). With a clock rate
of 2 MHz, we get a data rate of 400 K bit/sec.

(iv) The AMZ 8068 (from AMD of Sunnyvale, California), a
powerful chip with a claimed throughput of 1.7 M bytes/sec
with an algorithm time of less than 5 µs. The
device interfaces with the AMZ8000 CPU bus and may
also be used with the 8085 and 8084 families of
processors.

(v) The INTEL 8294, which aims at low cost rather than
high speed, is a microprocessor peripheral device
which operates only in the ECB mode, giving an effective
data rate of 80 bytes/sec. The chip provides for a DMA
mode of operation. Used as a CPU peripheral, no further
control unit is needed for the 8294; used separately,
it must be controlled by a separate microprocessor.

This thesis reports the development of a communication
interface for the 8085 based microprocessor workstation using
the 8294 chip for decryption and encryption. The details
are described in the next chapter.

Software:

It becomes necessary sometimes to implement the DES
algorithm in software, although computers are not at their
best while doing the bit manipulations required by the
algorithm, especially if encryption is to be implemented at
a higher level in the hierarchy of network architecture.

It would be ideal to write software using the assembly
language of the main processor of the computer system
concerned because of the obvious advantages in speed of
encryption.

This thesis, however, reports the implementation in
PASCAL of the algorithm for the IBM personal computer.
PASCAL was chosen as the language in view of the difficulties
arising due to the complexity of the algorithm of DES
and, of course, the ease in coding in a high level language
like PASCAL.

CHAPTER 4

THE HARDWARE COMMUNICATION INTERFACE

This chapter describes an implementation in hardware
of an encryption scheme which incorporates the INTEL 8294 A
IC for the purpose of encryption/decryption. The card
interfaces directly with the 8085 based microprocessor
workstation; it uses the CPU of the workstation for control of
the main encryption device as well as the associated circuitry
for serial communication with another terminal (here, the
IBM PC). The assembly language program for handling the
data transfers to and from the interface card resides in
the workstation RAM and must be loaded into it every time the
card is to be used, owing to the absence of an EPROM on the
card. The data (message) to be encrypted/decrypted also
resides in the workstation memory. The workstation, therefore,
allowing for the limitations on the size of its memory, can be
used as an independent terminal for transmitting encrypted
messages to a distant terminal via the interface card.

4.1 The Encryption Device 8294-A [11]

The Intel 8294-A Data Encryption Unit (DEU) is a
programmable microprocessor peripheral device designed to
encrypt and decrypt 64 bit blocks of data using the DES
algorithm. The DEU operates on 64 bit textwords using a 56 bit
user specified key to produce 64 bit cipher words.
The operation is reversible, that is, the chip can
be programmed to operate in the 'Decrypt' mode as well,
whereby it operates on the cipher word to produce the
original textword. The mode of operation can be changed at
any stage by using a single byte command.

The algorithm itself is permanently contained in the
8294-A; however, the 56 bit key is user defined and can be
changed at any time. Figure 4.1.1 shows a block diagram
depicting the internal structure of the DEU.

Block Diagram of the 8294-A

The 56 bit key and the sixty four bit message data
are transferred to and from the DEU in bytes by way
of the system data bus.

The chip also provides a DMA facility by means of
which data can be transferred directly to the DEU without
intervention of the CPU. For this purpose, two pins
are provided on the IC, a DMA request output pin and
a DMA acknowledge input pin. The chip will then have
to be used in conjunction with the 8257 DMA controller or
any equivalent device. The circuit details are given in
the next section.

Since the microprocessor workstation has a RAM of
limited size, use of the DMA option for the interface card
constitutes no specific advantage. The chip, however,
can be operated in the 'Encrypt-decrypt mode', whereby
it can be addressed as an input-output port. The card uses
this mode of operation for data transfers to and from the
DEU.

Three interrupt outputs are available to ease the
load on the CPU if it is otherwise busy; they also help to
minimize the software overhead associated with the data
transfer: (i) the SRQ (service request) interrupt which,
if enabled, interrupts the CPU indicating that the 8294-A
is awaiting data or commands at the input buffer, (ii) the
OAV (output available) interrupt, which indicates to the CPU
that the 8294-A has data or status available in its output
buffer, (iii) the CCMP (conversion complete) interrupt pin,
which is an interrupt to the CPU indicating that the
encryption/decryption of an 8 byte block is complete.

Operation:

The data conversion sequence is as follows:

1) A set mode command is given, enabling the desired
interrupts.

2) An enter new key command is issued, followed by 8
data inputs which are retained by the DEU for encryption/
decryption. Each byte must have odd parity.

3) An encrypt data or decrypt data command sets the DEU
in the desired mode.

After this, data conversions are made by writing 8 data
bytes and then reading back 8 converted data bytes. Any
of the above commands may be issued between data conversions
to change the basic mode of operation of the DEU, e.g.
a decrypt data command could be issued to change the DEU
from encrypt mode to decrypt mode without changing either
the key or the interrupt modes enabled.

Internal DEU Registers:

Four internal DEU registers are addressable by the
master processor; 2 for input, 2 for output. The function
of each of these registers is described below.

Data Input Buffer:

Data written into the register is interpreted in
one of the following three ways depending on the preceding
command sequence:

(i) part of a key (if the preceding command is an
'Enter New Key' command),

(ii) data to be encrypted or decrypted (if the
preceding command is an encrypt data or
decrypt data command),

(iii) a DMA block count (if the preceding command is
a set mode command programming the DEU in the
DMA mode).

Data Output Buffer:

Data read from this register is the output of the
encryption/decryption operation.

Command Input Buffer:

Commands to the DEU are written into this register.

Status Output Buffer:

DEU status is available in this register at all times.
It is used by the processor for poll driven data transfer
operations. The CPU polls the flags CF (completion flag),
OBF (output buffer full) and IBF (input buffer full) from
the status register and issues read/write commands to the
DEU accordingly.

4.2 Circuit Details:

Figure 4.2 shows the circuit diagram of the interface
card. Besides the main encryption unit 8294-A, there is
also a USART (Universal Synchronous-Asynchronous Receiver-
Transmitter, the Intel 8251-A) for serial communication
between the workstation and an external computer. The clock
inputs of both the 8294-A and the 8251 are connected directly
to the system clock. However, the transmit and the receive
clock signals are obtained from the programmable timer 8253.
The timer is programmed to operate in the rate generator
mode (mode 3). The clock input of the timer is derived from the
system clock not directly but via a 7474 D flip-flop which is
configured to give a divide by 2 operation.

The address decoding logic comprises a 74LS138
3 to 8 decoder, a triple 3-input NAND gate (7410) and a 7404
hex inverter.

At the interface between the serial communication USART
and the external host, there is a 1488 line driver and a 1489
line receiver which convert TTL signal levels to RS-232-C
levels and vice versa respectively. These are essential
because communication adapters provided with most
computers adopt this standard (RS-232-C) for signal levels.

DMA Mode of Operation:

When messages spanning several hundreds of bytes are
required to be encrypted using the DEU, the DMA mode of operation
is very useful. The circuit diagram for data conversions
using DMA is shown in figure 4.2.3.

The use of the DMA feature requires 3 external AND
gates and 2 DMA channels (one for input, one for output).
Since the DEU has only one DMA request pin, the SRQ and
the OAV outputs are used in conjunction with two of the
AND gates to create separate DMA request outputs for the 2
DMA channels. The third AND gate combines the two active low
DACK inputs. To initiate a DMA transfer, the CPU must first
initialize two DMA channels. It must then issue a set mode
command to the DEU enabling the OAV, the SRQ and DMA outputs.
Following the set mode command there must be a data byte
giving the number of 8 byte blocks of data (n < 256) to be
converted. The DEU then generates the required number of
DMA requests to the 2 DMA channels with no further CPU
intervention. When the requested number of blocks have been
converted, the DEU will set the CF and assert the CCMP
interrupt (if enabled). CCMP then goes false again with
the next write to the DEU. Upon completion of the conversion
the DMA mode is disabled and the DEU returns to the encrypt/
decrypt mode. The enabled interrupt outputs, however, will
remain enabled until another set mode command is

4.3 The Assembly Language Program:

A flow chart of the assembly language program to
effect data encryption and decryption and to transmit/receive
encrypted data over a serial link is shown in figure 4.3.1.

The program stores messages meant for encryption and
decryption in different areas in memory. Registers DE and
HL contain the addresses of converted data and plaintext/
ciphertext data respectively.

The key is stored at a fixed location in the memory.
It is entered interactively from the video terminal on being
prompted. The program adjusts the key for parity bits and
sends it to the DEU after entering the appropriate command.

Messages meant for encryption are entered interactively
and are stored at fixed locations. The program interprets
every character of the message as an 8-bit byte, i.e., it sends
the ASCII 7 bit code for encryption. Encryption is thus
effected on 8 characters at a time.

The 8294-A is a low cost chip; it does not offer the facilities
of CFB or CBC modes of DES operation (Chapter 3). The program
therefore encrypts data in the ECB (Electronic Codebook) method.

The program pads up the message with blank characters
to make the number of characters an exact multiple of 8.

After the data conversion is over, the encrypted data is
sent over the serial link to the PC. The PC then decrypts the
message in software (discussed in Chapter 5).



START

Initialize ICs 8294, 8253 and 8251

NEW KEY?

Enter key stored in locations 5001-5005 into DEU

Read key interactively from terminal
Adjust for parity (odd) and store it in loc. 5001-5008
Send key to DEU

ENCRYPTION?

1) Initialize 8294 for decryption
2) HL = 5401 (SA)
3) DE = 5101 (EA)

1) Initialize 8294 for encryption
2) HL = 5101 (SA)
3) DE = 5401 (EA)

NEW MESSAGE?

SEND MESSAGE FROM <HL> ONWARDS FOR
ENCRYPTION/DECRYPTION
AND STORE CONVERTED
MESSAGE FROM <DE> ONWARDS

READ MESSAGE INTERACTIVELY
FROM KEYBD AND STORE IN HL ONWARDS
PAD UP WITH BLANKS TO ADJUST CHR-COUNT
REINITIALIZE HL TO START
AND SEND TO DEU. STORE
CONVERTED MESSAGE FROM
<DE> ONWARDS

1) Reinitialize HL to SA of converted message
2) Transmit to PC over serial link
3) Also print converted message on screen
















CHAPTER 5

SOFTWARE IMPLEMENTATION OF DES

Despite the many advantages of hardware encryption
schemes (especially in respect of speed of encryption) it
sometimes becomes necessary to implement encryption
in software, especially in cases where encryption is
desired to be incorporated at a higher level in the hierarchy
of network protocols, that is, when an end-to-end encryption
scheme is preferred to data link encryption. With end-to-end
encryption the user can change the encryption method
whenever he feels that the old one has been compromised, and
naturally it is easier to do so if the encryption has been
implemented in software.

In this chapter, an implementation of DES in software
for the IBM personal computer is described. The
programming language used is TURBO PASCAL (an enhanced
version of Standard PASCAL).

The program implements DES in the Electronic Code
Book mode, that is, it treats the message to be encrypted as
a concatenation of 64 bit blocks and encrypts the blocks
separately. There is no linking up of the blocks as in
the cipher block chaining or cipher feedback modes of
operation (described in detail in Chapter 3). This mode has
been chosen mainly with ease of implementation in mind; in any
realistic implementation of a cipher system this might prove
to be inadequate for reasons mentioned in Chapter 3.

The core of any of the more realistic modes, however, is
the ECB mode, and it can therefore be easily improved upon to
meet the security risks of a practical system.

As described in Chapter 3, the DES algorithm operates
on a 64 bit input and enforces substitutions and transpositions
on it under a 56 bit key to arrive at a 64 bit output. There
are a few basic operations which the algorithm repeatedly uses.
Subroutines have been written to perform these basic operations.
A flow chart based description of the various procedures and
the entire algorithm follows.

5.1 Inputting the Substitution and Permutation Tables: The
'S-read' and 'p-read' routines

The permutation tables and substitution boxes of
the DES algorithm are fixed and are therefore permanently
stored in a file called INP-1, the tables being entered in
the order in which they are 'read'.

The routines 'p-read' and 'S-read' perform the reading
operation of the permutation tables and the substitution boxes
respectively from the file INP-1 into the program.

The 'p-read' routine reads into a one dimensional
array of appropriate length and 'name' (which are transferred to
the routine as parameters) entries from the input file.

The 'S-read' routine reads into a two dimensional
array of standard dimension 4x16 (all substitution boxes
are of these dimensions; only the 'name' is passed as a
parameter to the procedure) entries (numbers) from the input
file.

5.2 The Procedure 'Permute'

The algorithm effects permutations on the input
and the key at various stages in the encryption/decryption
process. The permutations are all fixed and are specified by
the permutation tables, which are read into the program into
one dimensional arrays by the 'p-read' routine described
above. The 'permute' routine, when invoked, effects the
appropriate permutation.

The procedure has as its input parameters:

(i) the vector on which permutation is to be
effected

(ii) the permutation table (which is also in the
form of a one dimensional array)

(iii) the length of the array.

The permuted output can be in the same array as
the input or in a different array, and is also specified
as a variable output parameter.

5.3 Procedure Hex

It is most convenient to enter the key in hexadecimal.
The 'Hex' subroutine returns the decimal equivalent of a
hex character (which is eventually converted into its
binary equivalent and stored in the key array).

5.4 Procedure L-Shift

A look at Fig. 3.1.3 shows that each of the 16 basic
iterations of the DES algorithm uses a different key derived
from the original key through a series of left shifts according
to the key schedule specified in Table 3.1.8. When the same
algorithm is used for decryption, the keys are furnished in
the reverse order, i.e., the first iteration uses what would have
been K16 for encryption, and so on. It is not necessary,
however, to calculate all the sixteen iterations of the key
and store them; the 'decryption keys' can be obtained
directly by suitably right shifting the original key. For
instance, K16 is arrived at after 28 left circular shifts
on the left and the right halves of the 56 bit key separately;
K16 is therefore the original key. K15 is obtained after 27
left circular shifts, and is therefore obtained during
decryption (it is K2 in this case) by right circular shifting K
once.

More generally, if a key is arrived at by N left shifts
on K, it can also be obtained by (28-N) right shifts on K
(the shifts are all circular), or vice versa. We can
therefore calculate a different key schedule based on right
shifts, which will be used during decryption. The procedure
L-shift can be used to left circular shift or right
circular shift a key register. Only the parameter which gives
the number by which a register has to be shifted has to be
appropriately specified.

5.5 Procedure Iterate (n1, li, ri, keyC, keyD, encryp, p, e,
PC-2, S1, S2, ..., S8)

This procedure is the core of the program. It
computes the basic iteration of the DES algorithm (please
refer to Fig. 3.1.1 for the main flow chart). In essence, the
'iterate' routine computes f(ri, ki) (ri of the
previous iteration, and ki of the present iteration) and
adds it modulo 2 to li of the previous iteration (li and ri
are the left and the right halves of the data of the previous
iteration); ri remains unchanged. The parameter description
is as follows:

n1 : This specifies the number of shifts on the key of
the previous iteration to arrive at the key of the
present iteration.

li, ri : The left and the right halves of the data vector of
the previous iteration; both 32 wide one dimensional
arrays.


[Flow chart: procedure Iterate]

ENCRYP?
   true:   1) LSHIFT(KEYC, N1)
           2) LSHIFT(KEYD, N1)
   false:  1) LSHIFT(KEYC, 32-N1)
           2) LSHIFT(KEYD, 32-N1)

KEY1 := (KEYC, KEYD);
Permute(56, KEY1, PC-2, KEY1);
ri1 := ri(1..32);
Permute(48, ri1, E, ri1);
TEMP[i] := (ri1[i] + key1[i]) mod 2

2) k = 6*i   3) l = 4*i;
4) temp1[1..6] := Temp[k-5..k];
5) i1 := 2*temp1[1] + temp1[6];
6) j1 := 2*(2*(2*temp1[2] + temp1[3]) + temp1[4]) + temp1[5];
7) x2 := Si[i1, j1];
8) f-ri-ki[l-3..l] := x2 (in binary);

Permute(32, f-ri-ki, P, f-ri-ki);
li[i] := (f-ri-ki[i] + ri[i]) mod 2,  i = 1 to 32


keyC, keyD : The left and the right halves respectively
of the key of the previous iteration; both
28 wide one dimensional arrays.

encryp : The boolean variable which indicates how to
compute the key for the present iteration,
i.e., by left shifting or right shifting,
according as encryp is true (encryption) or
false (decryption).

p, e, PC-2 : are the permutation vectors used by the
routine.

S1, ..., S8 : are the substitution boxes.

5.6 Procedure Ichange

This procedure interchanges the left and the right
halves of the data output of the present iteration. The
parameters are li, ri, 32 bit registers; they are returned
to the program after their contents are interchanged.

5.7 The Flow Diagram

The program requires the message to be encrypted
to be entered in an input file named 'inp-2'. Each
character in the file is expanded into its 8 bit ASCII
equivalent and 8 characters are concatenated to form a 64
bit block.



[Flow chart: main program]

START

ENCRYPTION or DECRYPTION?
   DECRYPTION:  SET ENCRYP := 0;
   ENCRYPTION:  SET ENCRYP := 1;

 1) p-read(64, IP)
 2) p-read(56, PC-1)
 3) p-read(32, P)
 4) p-read(48, PC-2)
 5) p-read(48, e)
 6) p-read(64, IP-1)
 7) s-read(S1)
 8) s-read(S2)
    :
14) s-read(S8)
{Reading the permutation tables and the substitution
 boxes from file INP-1}

1. Read KEY from KBD. 8 Hex bytes, each < 7F.
2. Convert into binary, using procedure Hex, store in array KEY.
3. Permute(56, KEY, PC-1, KEY);
   {The key is permuted according to PC-1, whereby
    the parity bits are removed. Only the first
    56 bits of 'KEY' are relevant}
4. keyC[1..28] := KEY[1..28];   {Splitting the key for key schedule
5. keyD[1..28] := KEY[29..56];   calculation}

1. Data: Read 8 characters from file INP-2.
2. Convert ASCII equivalent of each character into binary and store the
   64 bit data in array D1[1..64].
3. If eof has been reached while reading the present block of 8 characters,
   replace the missing characters with blanks.
4. Permute(64, D1, IP, D1)
5. Li[1..32] := D1[1..32]
6. ri[1..32] := D1[33..64]

ENCRYP = 0:
 1. Iterate(0, Li, ri, keyC, keyD, p, e, PC2, encryp, S1, ..., S8);
 2. Ichange;
 3. Iterate(1, Li, ri, ..., S8);
 4. Ichange;
 5. for i := 1 to 6 do
    begin
       Iterate(2, Li, ri, ..., encryp, S1, ..., S8);
       Ichange;
    end;
 6. Iterate(1, Li, ri, ..., encryp, S1, ..., S8);
 7. Ichange;
 8. for i := 1 to 6 do
    begin
       Iterate(2, Li, ..., S8);
       Ichange;
    end;
 9. Iterate(1, ..., S8);
10. Ichange;

ENCRYP = 1:
 1. Iterate(1, Li, ri, keyC, keyD, p, e, PC-2, encryp, S1, ..., S8);
 2. Ichange;
 3. Iterate(1, ..., S8);
 4. Ichange;
 5. for i := 1 to 6 do
    begin
       Iterate(2, ..., S8);
       Ichange;
    end;
 6. Iterate(1, ..., S8);
 7. Ichange;
 8. for i := 1 to 6 do
    begin
       Iterate(2, ..., S8);
       Ichange;
    end;
 9. Iterate(1, ..., S8);
10. Ichange;

IS EOF(INP-2) true?

ENCRYPTION/DECRYPTION COMPLETE


The key is entered in hexadecimal interactively
on being prompted on the terminal. The flow chart, which
is self explanatory, describes the other salient features
of the program.

The output of the encryption/decryption process is
in a file named OUTPUT.

5.8 Software for Handling Communication

Encrypted data is transferred to and from
the PC via the communications adapter provided. Programs
for handling communications with the workstation have been
written in BASIC in view of the fact that one can directly
open the communication buffer as a text file and issue
'input' or 'print' commands for receiving or transmitting
respectively. The "OPEN COM" instruction helps the user to
specify the particulars of the asynchronous communication, viz.,
the baud rate, number of data bits, number of stop bits,
nature of parity, etc. Communication is through the 25 pin
D shell connector provided at the back of the PC [15].

User Instruction:

The "TURBO-87" command to the PC in the 'DOS' mode
enables the user to run his PASCAL programs. The data to
be encrypted or decrypted is entered into a file named
"INP2" (using the E command in the TURBO mode). Program
DES.PAS acts upon the message in INP2, 8 characters at a time,
filling up the last block with blanks if necessary to make
the blocks of encryption complete. The output of the
encryption/decryption process is in file "OPUT" which can
be seen by using the 'E' command. For reconverting the
data in 'OPUT' into original form, one will have to transfer
it into file "INP2" and thereafter run "DES.PAS". The transfer
can be effected by running "CHAM.PAS" once. File "INP1"
has permanently the tables necessary for substitutions and
transpositions. The user must ensure that the file "INP1"
is also on the hard disk/diskette before running DES.PAS.

For communication with the work station, however,
one has to 'enter' BASIC from DOS and use COM1.BAS for
transmitting data and COM2.BAS for receiving data. The
former transmits data from 'OPUT' (output of the encryption
process) over the serial link, and COM2.BAS receives data over
the serial link and stores it in "INP2", whereafter it is
ready for encryption/decryption.

CHAPTER 6
CONCLUSIONS

The main objective of the present thesis has been to
describe the implementations of DES both in hardware (using
the Intel 8294-A Data encryption unit) and software
(implementing the algorithm directly in TURBO PASCAL for the
IBM PC).

Both the implementations have been found to be working
satisfactorily. Messages can be encrypted in hardware from
the workstation and transmitted over the serial
communication link to the PC using the programs listed in Appendix-1.
The message can be operated upon by the reverse transformation
in the PC (the programs are listed in Appendix-2, with user
instructions in Chapter 5), thereby verifying the correctness
of the encryption software. The same could be done in the
other direction also, viz., messages encrypted using the
software in PC and thereafter transmitted to the workstation,
to be processed by the hardware interface card.

In both the schemes, encryption was effected on messages
in the Electronic Code Book fashion, i.e., treating the message
as a concatenation of 64 bit blocks and encrypting the
blocks separately.

The software for handling the communication between
the PC and the workstation is in BASIC because of the
provision that exists there for reading from the communication
adapter directly (or writing into it) after opening it
as a text file. The program initiates the adapter for a data
rate of 1200 baud, 8 bits/character and 2 stop bits
asynchronous communication. The 8251 chip on the workstation
card is programmed accordingly for 1200 baud (X 16 operation),
8 data bits and 2 stop bits.

6.1 Scope for Further Work

DES could be implemented in some of the more
sophisticated modes of operation, such as the CBC (cipher block
chaining) or the CFB (cipher feedback) mode. The ECB method
reported here could be considered insecure for certain
purposes for reasons described in Chapter 3.

The 8294-A, however, does not offer the facilities of
CFB or CBC directly. There are more expensive chips (listed
in Chapter 3) which offer this facility. But one could still
implement these with provision for additional storage like
shift registers on the card.

To modify the PASCAL program for CBC or CFB is a simple
matter and should pose no difficulties.
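
What the proposed change from ECB to CBC alters in the ciphertext, as an added example in Python (not the thesis's Pascal program). It keeps the program's conventions of 8 character blocks and blank filling of the last block. Assumptions: the block cipher is a stand-in 64 bit Feistel construction keyed through SHA-256, used because the point here is the mode and not DES itself; the function names, key, IV and message are constructed for the example.

```python
# Added example (not from the thesis): ECB as used by DES.PAS next to CBC.
import hashlib

BLOCK = 8  # bytes per block: 8 characters = 64 bits, as in DES.PAS
SAMPLE_KEY = b"constructed key"                   # constructed sample value
SAMPLE_IV = bytes.fromhex("13579bdf02468ace")     # constructed; vary per message
SAMPLE_MESSAGE = b"PAY 100 PAY 100 PAY 100 TO BOB"  # constructed sample


def pad_blanks(message):
    """Fill the last block with blanks, as the thesis's program does."""
    return message + b" " * (-len(message) % BLOCK)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, key, decrypt=False):
    """Stand-in 64 bit block cipher (NOT DES): 8 Feistel rounds plus a final
    swap of the halves, the same iterate/interchange shape as the thesis."""
    left, right = block[:4], block[4:]
    rounds = range(8)
    for i in (reversed(rounds) if decrypt else rounds):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return right + left


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(message, key):
    """Each block is enciphered on its own; equal blocks give equal output."""
    return b"".join(feistel(b, key) for b in blocks(pad_blanks(message)))


def ecb_decrypt(ciphertext, key):
    return b"".join(feistel(c, key, decrypt=True) for c in blocks(ciphertext))


def cbc_encrypt(message, key, iv):
    """Each block is added modulo 2 to the previous ciphertext block first."""
    prev, out = iv, []
    for b in blocks(pad_blanks(message)):
        prev = feistel(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext, key, iv):
    prev, out = iv, []
    for c in blocks(ciphertext):
        out.append(xor(feistel(c, key, decrypt=True), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier block."""
    parts = blocks(ciphertext)
    return len(parts) - len(set(parts))


if __name__ == "__main__":
    ecb = ecb_encrypt(SAMPLE_MESSAGE, SAMPLE_KEY)
    cbc = cbc_encrypt(SAMPLE_MESSAGE, SAMPLE_KEY, SAMPLE_IV)
    print("ECB blocks:", [b.hex() for b in blocks(ecb)])
    print("CBC blocks:", [b.hex() for b in blocks(cbc)])
    print("repeats  ECB:", repeated_blocks(ecb), " CBC:", repeated_blocks(cbc))
```

Blank filling is kept from the thesis; it cannot tell a message that ends in blanks from one that was filled, so the receiver needs the true length from elsewhere.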

Secondly, the software implementation could be more
effective if the assembly language of the processor concerned
is used for programming instead of a high level language like
PASCAL. Although it would not match the hardware scheme in
speed of encryption, it would still improve upon the
present speed substantially.

Use of a standard like the DES has advantages as well
as pitfalls. The algorithm is certainly intricate enough
to defeat even elaborate attempts at cryptanalysis but
in view of the fact that the design details are not publicly
announced one could suspect the presence of trapdoors in the
algorithm.

For applications where a relatively unstudied standard
like DES may be considered insecure, users must have additional
or alternative encryption mechanisms.
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riPL.fc.i'it N r ,i NB 


AL,.BOR I i iHM 


{To encrypt/decrypt a text message using the DES algorithm, the input
to the encryption/decryption process must be entered in text
file inp2; the output is printed in text file oput. For its operation,
the program also needs the file inp1 to be present in the directory; this
contains the permutation tables and the substitution boxes
of the algorithm.}


.1 n.n r;; i a , i 5 1 . 6 ,> 1 7 ,, 7 P 1 , 25 i 00 5 


nr r"ay2'---arr,Ay rj „ .,563 


1 nteger i 

-.-U'- !'■ -..\y 3 -•S'.u'' r =iy C i „ '‘1 8 3 

of 

i nteger 

nrT-a.N/^-rtarfej.y!: 1 „ :323 

a-f 

intc^ger 1 

ar I'-'ayB-'-arr iiy r 'i „ , 283 

of 

i nteger ^ 

arr ayto“-array[ 3 .. „ 16.1 

of 

1 ntager 

n 1 '" r’ (1 y 7 •"■■ur r a y [' 1. . 1 6 3 

of 

char 1 

arrayF=-"arrayl0„ . 3, 0, 

r. . .1.!:: 

} .1 . at i n t 


arr ay 9 :~'arr ay C 1 « „ 83 of i nteger- !i 
r :i lup-str i rH 2 C 41 ! 5 
num="i nteger 5 

/ar ^ ^ ■ 

i p » d 1 s, i p :i „ d2s, d3 j key s array 1 p 
€■; , p c i , pc: 2 s ar ray 1 p 
1 i j, 1 1 1 , r i 2 , 1 - i , p ! ar r ay 1 p 
keycj keyds arraySp __ 

mtfjs, keyn , mesl (, k6s array?? 
kl ss array^p 
X3s x4s char § 

i S i if- i J j ^9 i^jk, kl,s< 1 ,k2,k5jP 1 jCems integer? 

•f- j 9 , hs t»Kt I 

i np 1 , 1 np2 s oput „ tex s r i ncj p 
eru:rypj,f lag* boolean? 

» 1 , s 2 , s 3 , s 5 , s 6 , « 7 , s 8 s arraySp 

procBdura hex < k 4 s char; var xSs integer I p tthis procadure converts tha hex 
:h«racter <-3 used in the inputting the key to their corresponding decimal 
yalae 4 i> ' . ' 

var m6i integer? . : ’ ' . 

begin ,, ,y?t\ ^ ^ -'Vty, ' 

case k 4 of ' - V.t-ry. •, ^ I-' ; ,,.,2'' 

* A* SxJ 5 s ®105 ' ‘ i'Sr'* ? ’■ ■ ■' .--ffity ’’ ' 

r ,,:.r , . ■ ’ "rt- itr. '2' ' 





end 


■„ for is-“l to 28' do.vjS:; 

aCi 3 » “I Ci 3 1 h. 

1.,,^;., f4'4!r' 


1 n ’C Cr C- r i 3 ' C. C‘ 3* ;. t:' -'' 


var cU^ arrayS) p -C-procedure t.o resad tJifa sul:)st 1 tut i on 
:u r r. *. i-' 3’ “■ J i n *3 n b j. o n a 1 a r a y b i n t: q t !i e p r** a g r a m > 

% :.j*‘ ‘ j ar r uyBr 


■*>■»:, r 1 t to 3 do 
bagj. fi 

or j ‘4 "‘•‘0 tv> 15 do 
bcagi /1 

r‘ ead C i a 1 1 i , j ] ) p a il i j 1 s -a i t i ^ j 3 | 
•ikirlte (aCi j ItZ) .p >- 

endp 

i n 5 > ' ■■ ■ ■ 

ends 


procedure permute(n1, n2: integer; d1, p: array1; var d2: array1);
{procedure to permute a given vector (d1) according to a specified
 permutation table (p); the output of the permutation is in vector d2}

var d3: array1; i, j: integer;
begin
  for i := 1 to n2 do
  begin
    j := p[i];
    d3[i] := d1[j];
  end;
  for i := 1 to n2 do
    d2[i] := d3[i];
end;

pfocejduro 1 shi f t (ns i nteger? var as arrayS) ; "Iprocedure to left shift/riQht 
shift a givfsn vector by a givan ntwiber of places}- 

var 1 sarraySf iy jiintscjer; ■■■ , ■ ■ ■, 

begin ■ . ^ ^ ’ ■ 

for is* 'i to 28 do ^ y , : , - , 

begin ■' . - 

j 8 *■•»! '~n 5 ‘ ■ ' '' , ■ 

.,,if j<«0 then j s «i '-’n4-285 , y 

, ' ' ' 1 3 ? ^ Vjy;; 


u".’ r^f'i.rr-. ■ 

; 3 ^ , p M , ■;■ 

■r: ,i 

• ■; r .? 


le inpi. into one 




’ ’ • I ' J i ntfger ; var keoyc , keyd s ar raySis encr ■ 

• *” ■' ■' '• '3.!'"f''ay 1 si ,, s2(i s3j s4>; s5, s6ji s7., sSs arravSg pel 

’■ • ‘".i .< KL-yi s an-ayi ^ tamps array3; tsrnp i s array*?? 

1 . , :i. ' -..r ■ y K:’i X f :! 1 ^ j :l, j ks 1 , .1. s integer? 

i''' 'Vrc'ck.M' lutes the heart, o-fthe programpit 
■f eifict J, o"'i T (K;,i. "1 K'i ) returns the data vectors to the pr 
I, ■■ ,j ' ■ f .i/i. ji, I. c-iii tal.'sl es -and s-bpKes as input parametei 
i:')!.’ i,:?!,.'. . i"-'. 1 1 ; vsetors to the program.! 

begin ■ 

,i f encryp then 
btarjin 

■C w r ' j t e 1 n ( e n c ryption’)?! 
lsh:i -ft <nl, keyc) 5 
3, shi -ft <n 1 J keyd ) p 
else 

bug in ■ 

Cwr i tel n (•■’ decrypt! on*" ) s i- 
ll I. s "<^3a-n 1 ? 

.1 shift (ni, keyc) g 
1 shift (nl ji keyd) ? 

one! i 


•Cwr L to ( ’ keyes 
far is*l to 28 da 


wr i teCkeyeCi Is 1 ) ?writeln? 



wr i te ( ” keyds ')? 
for is --3, to 28 do 
writ® (keydC-i 3s J ) |wri teln 
for to 28 do 

begin 

key 1 C i 3 s wkeyc C i 3 5 
keylCi+283s-*keydCi 3 


permute <56 !i 48, keyl 9 pc 2 ? key 1 ) p 
{writer key Is ”)| 

“for is*l to 48 do writ®(keylCi 3s 1) pwritslnp! 
is *01 
{re?peat n 

i ! «si 1 ? k 1 ! * 8 * i p ^ jti;,, '■ I-;" ;%#/■ 

K 1 1 *kc-?y 1 Ck i'-yi p -sM'i,’ 

f or j s * k I “~7 to k 1 *" i _ _ do 
H I a l“+“keyl{ j + 1.3 


aif> 




■ ' • it b..j / t T iri Til 




' , ■' ' ■■ ■■‘■3 ciD wr- i te ( r i [ i 3 s 1) 5 wr i te < s 

' '• " 1 t‘ Q 4Ffj do 

:i"i-keylL'j. 3 ) mod 25 

■ ‘ wr i te ( temp [ i 3 s 1 ) ; wr i tel n 5 !'■ 

/■'if; . ' ■ ’ 

J. j 

'■O'. i-'T. •■•■6 duwnto 1 do 

hc.'Qin 

temp 1 C k 3 ; =temp t j 3 5 


ter i 1 3 ..B to 3 do 
far to 15 da 

caae i of 

Ist-sEi'i, ji 33 " 3 lCi:i., jl3; 

2 s t s f i 1 , j 1 :u =s 2 1 : i 1 , j 1 3 r, 

3 s t Si C i 1 j j 1 3 s “•b 3 C i 1 , j 1 3 ; 

4;ti=iE-.. 1, ji;ii:-s4C;i.ldl3'!i 

SstsCilj jl35«s5Cil,jl3; 
6 ! I;.*", t i 1 j, j 1 3 s i 1 j j 1 3 ; 
7s tsE i 1 s j 1 3 8 =s;7r.i 1 i j 1 3 ? 
Bstsiif/j, Ip j 13s=aari Ip.J 13 

end ; 

•t-for ils^B to 3 do 
beqin , 


■for Jis=0 to 15 do 







write <tsCi 1 , ,j 1 3 s 3) 5 writelnp 
end J > 

i i8wtempiC63-+"25i«tempiC13 5 

emp 1 C 2 3 +t emp 1C 
K 2 s“t«cii,'j n§ 

•for k!**l to 4 do „ 3 . 
b©oin 1 - 

frikiCl 33 '«k 2 mod 2 -, 

: ' • 'k 2 s =»>«2 div< 2 ri ' 


end I ; „ r/.Vf- 

un t i 1 i * 8 1 / 

permute (32 ^ 32, 1 r i k i , p , f r i k i > | 
•for" i 8 « 1 ' 1 0 ■; 32 < d o,,,, , • v , 
li Ci.aj^^'frikiCi ’J-t-UCi 3i,jtiOd 2 


MAIN PRQismM .eeaiNa; 




'*4 . .. r. I. 






4 -V; 






TVPE "E" F'OR ENCRYPTION OR ANY OTHEi' 

■ ■ . ' s ; OKi,. ; 5 

' '■ i") ;; >r;";, ! gj n i; 

* ’ ' ■■ ■ I ' > nr V ' g!' ) t.he?n 

.’■•V-i'-yr) : -rru.e? 

■v:-;i,ts?l rMT'e n c r y p t i o n 


wri t €■>,!, n C ' d e c r y p t i o ; 

i '-0 n i'i f 

/‘5 r i. : f:!-! j. 1 1 i/4 r i, t: 0 3 , 1 1 p 

lA"' i. n (^^^'LEr^SE ENTER THE KEY s 8 BYTES IN HEX, 
w i .'.el ri : 


■for .i r ta 64 do 

I :oy r :i. J 5 

i. ' '■ C »{ i. J, B 0 ^ 

■' {reading t.he key inte'racti vel y 

j s ”8;# i 5 

i 1 ; i 1 + 1 5 

read (KBD, X4 > 5 

hex ( X,4s kS) 5 wri te <x5s 2) 5 

j !»j -55 : ^ ' . ' : . ■ , 

for k5--l to 3 da 

. begin 

k ey C j 3 8 wk 5 mod 2 ? 
x5ti»=x5 div 2| 

«ndji 

ji«*j 478 ' 

i 3, J »i 3, + 1 g 
read <!<B0, X4) § 

hen (X4 ,hS) ;writfeMKfj5 2i, ’ ’ >B 

for ka=sl to 4 do ■ ,, ■■ 

begin f ‘ 

keyCJ38»H5 mod 2; ■ '■ ■- 

i<58«K5 div 2| 

j 8 “.i-~Xs ■ '‘-S'- v 

end § , o ■ 'V ;; / '■ ' if" , 0. ’ '■ ; ■ ' ’ 

f or* k J. e j j' te (k»yfck 13'8 1 J 

wr iteln; . ■''V’'kY 0:r •. 

untl 1 i «Sp wril8|^{|lV‘l00 •' 

{’for i 8^3, to ‘ i' V, ■ ■' ,= 

write I key Ci 3 8- 
wrJ.tfflln'S>, ' 
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• ' ;■ V..:' 5 

repeat {reading one block of 8 characters from the text file inp2.
TURBO PASCAL treats ASCII(26) as an EOF character, so if any of the
characters in the output of the encryption process happens to be
ASCII(26) the text output file will be abruptly closed and
subsequent characters lost. Therefore whenever the output has
ASCII(26) as one constituent character a marker string is printed in
the output file. Correspondingly, if the input file has the marker
string in it, it must be replaced with char(26) when sending for
encryption. This takes care of such eventualities. The eventuality
where the marker string straddles the boundary between two adjacent
blocks is


keyed 3!»keyCi 3? 
keydCi 3 s*keyCi+28a 


01 


it rem=l. then 

begin . ' . 

plgwl 5 K 6 C 13 s»x 6 C 23 ?reffl 5 »= 05 goto 17 ; 

end? 

it rem ,»2 then 
begin, 

pl'5*s2p<6C13 5 »'k6C23f K6C23s«K6C33srem! =*0pgDtc3 17 
end? '* 1 -. ,:Vr','„y 

it remf3 thent.. 

begin ^ 
p 1 a I K 4> C 1 3.S »?4i6,t,S3 s r em « =f0 ? goto 7 5 
«Snd| y ,' , 
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t - ' T.nan 

begin 

; 6 C 1 1 ; -"Char < 26 ) n p ;!. ; -"1 ^ 
s'nd else p 1 s ==3 § 
end else pis =2 5 
end else? pi s =1.1 
re,T(:~®p 

1 -f ( p 1 ~ 2 ) an d ( i =7 ) t. hen 

begin 

P 1 s ■“ ;!, q 

rem.;=:lp 

end;; 

•i+ Cp'i=-- 3 ) and <i=--=7) then 
begi. n 

reffl:“2p 

endq 

i-f (pi -- 3 ) and (i=6) then 


n 1 *♦ « 

■:|.4 4 , » •**' db. ^ 

r(vHns« 3 !i 
end 5 

17 s for j 2 != 1 to pi do 
begin 
is«i-+'J4 
k 1 s ™8>Hi I 

K 1 s «or d ( s< 6 L j 2 3 ) 5 -Cr i te ( x 6 C j 2 3 ) ; wr i t e 
for ,jis=»kl downto <kl“ 7 ) do 
begin 

dlCjl 3 s=Kl mod 2s 
div 2s 

ends 

ends 

until i»85if eofCg) then f latia ™trues goto 
JUJsfor 18*4 + 1 to 8 do 
begin 

k Is “Situs, 

Kl5<»325 < write (char (k 1 ) ) swriteln(Xl) s> 
fcjr j 1 8 *kl idownto (kl-* 7 ), do 

begin;, 'g;,, . 

cf 1 C J 1 3 s «K 1 - I -.,5 i, 

K 1 8 »K 1 d ..-j;- , ' ' ■ ’ * 

ends <v' b 

, en d }_,! V, • i’ g’' -’b;- b‘ 

i -■:■■■ i ■:>, -.VI CO write (dl Ci 3 s 1 ) s 

, d j , ip 



i. ; 1 to 64 do wr i t.f? ( d? C 

to 32 do 

■'! '„3 i n 

i i c j 1 :is ="cj 2 E: j 1 :J; 


Hi' id s 


••d2[: j 1+32 1! 5 


wri tal n i > 


•df o,' 1 5 =• j. to 32 do wri te (1 i C i :i 3 1) 5 writal n; 

-!(:■)?• is = i. to 32 da wr i te (ri C i ] r. 1 ) ; wri tel n ? > 

■' BHcryp then 

.jucjii'i -icallincj "iterates ac.cardinQ to key schodu 
■£ wri tel n t ■’ encryption’ ) 5 } 

■for j 1 5 ----I to 2 do 
begin 


:i t e r a t ad, k e y c 5 k e y d , en c r y p , r i 2 , 1 i , s 1 , s 2 
s 7 ,, h 8 J pc2,, Sp p ) 5 
i change ( 1 i , ri 2) 
ends ■ 

■for jg=--l to 6 do 



i terate (2, keyc, keyd, encryp,, ri2;, 1 i , si s3, s4 ,, s5, -c -6 
p s?, B 85 pc: 2 , Sp p ) s 
ichangedi ,ri 2 ) ; 

end 5 

i t«5rc\te ( i ,, keyCp keyd , encr yp, r i 2 , 1 i s J. , s 2 , 53 ;, s4p s5p 36 ;, s7 , s 

a, pc ;25 e, p) s . 

i change - (1 i p ri 2 ) 5 

for is *1 to 6 do 

begin 

i terate (2% keyc; p keyd, encryp , ri2, 1 i p si , ■•j2, s3p s4, s5., b 6 

* s 7 p sSj pc:2, e, p ) 5 



i changed i ,ri2) 5 
end? , 

i torat© C I !i' keyc , keyd , encr yp 
8 j pc2|i e>s p ) s 


end mlBB 
begi n 


iwrttelnddecryption-’ ) s > 

iterate <0^ keyc, keyd, encryp, r i 2, 1 i , si , 

pc2 ,e,p)s_, 

icbangeXl'i 'iri2) ; ^ 

iterate'di keyc, keyd, encryp, ri2, 1 i , al , 
pc2 ,BBPJr/' 

ichange <i i ,ri2) 1 r %kPrt ■ . • ’ 
for ^ : 

.begin ' 7 | 4 ^-sjS! 

•tM ;i1;®b^tei,2i,'ki^cjk"ey£i,;er»c:ryp,ri2, 1,1 

i.r. • ' S / J S8g PC2 H ■ 

Lchange d i , ri2) p 

i 1 5 keys, keyd, encryp , ri 2, 1 i al , a 




. •'. (2, . k:r/d^ 


Si / ^ SI B p C 2! li © j| p ) 


i ter lat.e ( 1 j, keyc ^ keyd , encryp « r i 2 !, 1 
P':2., e,p)i| 

tfor to 32 do 

bejgin 

r i 2 [ j . 1 : •■••d. :i. [ j ] 5 
end;) 

for jt-i t,(j 32 do 
bey:., rs . 

U 2 i:::rj;=:r.ii r.j 3 . 

d2C32+.,i:.kr.-;ri2r.j,l; 


per mLite ( 64 , 64 , d 2 1 , i p 1 5 d 1 > 5 

r.for’ to 64 do wr i te (d 1 1 i li s ; wr i tel n|S 

•for is™'! to 64 do vviri tc? (d2C i 3 s 1 ) ; wr i ts?ln ? > 
i ! = 0 ; 

repeat '[converti ng the output to ASCII -for writing to cjutput. 
•file) 

i5=i+l? 
k , 1 . s '= 8 * i § 

>■! . 1, 8 -=dl Ckl-TIa 

•for j 5 =••=•( kl--7) to CkJ.--J. ) do 

!■! 1 5 "2$'A 1 -^-d 1 C j -i~l 3 ; 'Cwr i te <k 1 s 6 ) 5 wr- i tel n ; > 

{ i f ( K 1 < 32 ) or ( X i > 1 26 ) t h eri 


K 1 6 "*63 5 ) 

if !<1“26 then writeCh, ’ ) else 


wri te (h, char <k 1 ) ) 5 f wr i te (char (x 1 ) ) ii ) 



until i»8p 

•Cfor is»l to 64 do 

begin 

d3Ci 3s®d2ti3 4' 
d2j:i3!*ciUi:i5 
clli:i Is^dSCi 311 

andfJ 

flag? . ■ , , 


writeln < ’ The input message iss 
writelng' 

re»et<g)| • ■ 

while not ®ofig) t';.' 
begin 6;4r;rf-'' 

road )•':■,•' •It 

wri te <x4) is . ^ . 4*,V\ - 
end I wr i t«l n | ’■ , 

wr i tel n ( '* 

' I. , *'*• J ' 1 ’► 

wr I t.e J. n I , ' „■ . . ; 

1 r < -■ Tl 

..V,- y. r-' i 1. ’Tr:’© y'P'S^d 








3P*S 


Siil 


'I ) p te 
: ' i : cl':". He (g 


4 ) 5 

close (h ) 5 


I 


■I 







LAi'iGLJAGS: F'FJOGRAM FO 
5-i!'iRD'A!f^F-i;E; EMCFEYPTION IN' 


R ENCRYPTION IN THE W: 
TEF?FACE. 


■■■1 C ..'i": 

■::rrA,Ti 
'i';. i'N 
J 

J: Z ‘-ai'A 1 'T '1 


■for waiting for DEIU flac 


CALL.. PrilMS 
CAIJ.,„. CRU'-' 
CAl. L. F'.E'.L’iD 
CPI •^iE 
POP B 
RET 

READS ! CAL. L, 
CAU,.,. PRINT 
HOV M,A 
CPI 7C 
JZ OUT 
I NX H 
■IMP READS 
OUTsDCX H 


!i routine for reading message from termir 


MESlsDBA KEY/MESSASE — "1M'‘EW OR ’•P’‘REVIOUSLY STORED ?* 

MES2!DBA PLEASE ENTER THE KE:Y. He 
MES3sDBA "E"NCRYPTION OR '‘D-ECRYPTION ?i^ 

ME84:DBA PI. ENTER THE MESSAGE. END WITH # 

MESS ! DBA BYTES'! 

RDATAsPUSH H jroutins -for inputting new messages paddi ng up with 
PUSH B requisite nurabcjr of blanks to make number of character 

GALL READS .a multiple gi 8, K' ■ 

LOOP48MOV A,L ■ 

ANI 0F ■’ 

3Z STEPS . • 

'CPI. 88 ' ' ' ■■ , " -ZZ.' .r.,-. ,>.■:.■■ . . 

«I35 STEF^e ,, c::. • : 

SNX H --zrv'L,. ‘ ^ 

«VI A,20 ' 

wv H,A , -•]):' : : , 

'jhP L00P4 






5 routine for splaying the output message 
and transffii tf'ing over the serial link.. 


i.'; ■■'■•< 'f ! 


i-'(.)p i 
PCT 


reading 8 converted bytes 


l.00r '7HN E7 
AM t « 1, 

.:JZ LOOP 7 
IN £'6 
STAX D 
CAt.l.. BIHEX 
CALL TWOSP 
INX D 
DCR B 
JNZ 1..00P7 
CALL CRLF 
L00P98lM EE7 
AN I 08 
JZ OUTl 
IN E6 
JMP LOOP? 
OUTl: POP B 
RET 

PRTSsPUSH H 
LHI,0 53FE 
MOV B,H 
MOV C,L 
'POP H 
MVI D,F0 
LOOPAi IN "£5 
:ANI 02 
LOOP A 


./... ' ■ i’ 

D^j’; r 


sending 3 bytes to DE-IU 





)>< ' ■'l)!"'.''! 

( i’ 1' ' '•'’f. i! 


) ' - i"' 1 ■ 

'■ ! / r i a 
\::h h 
iJLJ'T f 7 
lju r ii£ 
OUT i;.'5 
OUT' 

HVI A, 40 
OUT t-'S 
MV I A, 6 A 
OUT" t::,''; 

MV I A, BA 
our E'l 
MV I A,CE 
OUT T5 
MV I A, 37 
OUT r5 


CALL Wrt[T 







JNZ STLIM 
LX I ESMES2 
CA!,.,L PNTMS 
CAI..L CRLF 
LXI H, 501.1. 
CALL HXCHR 
LXT. 50 1.8 

LX I D,5008 
LOOP Is MOV A,M 
MVX C,00 
'MVI B,08 
'L00P2JRAR ' 
JNC STEPi. 

:INR C 
..OTiPlsDCR 
^'NZ LOOP2 

«qv B,A^, 


inputting the key 
5 adjusting the key for odd parity 













■.■■i"': ’ 1'.. 


' 'j. *■ I;, 'iiivi 

f'.- 

rili'-’' Ely 

Mfc:.S3 

Pi'ylTiiS 


JNZ STEPS 
CALL, WAITl 

l^'IV I A j 3© r, i r i t i a.1. i <rji n 
OUT E7 
LX I 

LX I I), 540.1. 

MV I 15, '31 

JMP STEPS 

STEPS a CALL. WAITJ. 

MV I A, 20 ainitialisin 

OUT IZ7 

LX I H,5401 

LX I D,5101 

MV I B,54 

STEPS s CALL WAIT 

awz STEP? 

PUSH B ' 

LX I BpMES4 '/■: 

CALL. PNTMS 

CALL CRLF , Lv-'T 

POP B ^ 

CALL, RDATA, 

STEP? a PUSH D 

PUSH H^Fg -t'''-, 

W 


lising the DEU -for encryption 




